Commit 260e8e04 authored by Tinderbox User

regen master

parent aabcb1fd
......@@ -86,14 +86,14 @@ option\&.
"All"\&. The
\fB\-a\fR
option is normally equivalent to
\fB\-v\fR\fB\-t\fRANY\&. It also affects the behaviour of the
\fB\-v \-t \fR\fBANY\fR\&. It also affects the behaviour of the
\fB\-l\fR
list zone option\&.
.RE
.PP
\-c \fIclass\fR
.RS 4
Query class: This can be used to lookup Hesiod or Chaosnet class resource records\&. The default class is IN (Internet)\&.
Query class: This can be used to lookup HS (Hesiod) or CH (Chaosnet) class resource records\&. The default class is IN (Internet)\&.
.RE
.PP
\-C
......@@ -121,12 +121,12 @@ Obsolete\&. Use the IP6\&.INT domain for reverse lookups of IPv6 addresses as de
.RS 4
List zone: The
\fBhost\fR
performs a zone transfer of zone
command performs a zone transfer of zone
\fIname\fR
and prints out the NS, PTR and address records (A/AAAA)\&.
.sp
Together, the
\fB\-l\fR\fB\-a\fR
\fB\-l \-a\fR
options print all records in the zone\&.
.RE
.PP
......@@ -145,9 +145,7 @@ directive in
.PP
\-r
.RS 4
Non\-recursive query: Setting this option clears the
\fBRD\fR
\(em recursion desired \(em bit in the query\&. This should mean that the name server receiving the query will not attempt to resolve
Non\-recursive query: Setting this option clears the RD (recursion desired) bit in the query\&. This should mean that the name server receiving the query will not attempt to resolve
\fIname\fR\&. The
\fB\-r\fR
option enables
......@@ -174,7 +172,7 @@ send the query to the next nameserver if any server responds with a SERVFAIL res
.PP
\-t \fItype\fR
.RS 4
Query type: the
Query type: The
\fItype\fR
argument can be any recognized query type: CNAME, NS, SOA, TXT, DNSKEY, AXFR, etc\&.
.sp
......@@ -188,8 +186,8 @@ is a dotted\-decimal IPv4 address or colon\-delimited IPv6 address,
\fBhost\fR
will query for PTR records\&.
.sp
If a query type of IXFR is chosen the starting serial number can be specified by appending an equal followed by the starting serial number (e\&.g\&.
\fB\-t\fRIXFR=12345678)\&.
If a query type of IXFR is chosen the starting serial number can be specified by appending an equal followed by the starting serial number (like
\fB\-t \fR\fBIXFR=12345678\fR)\&.
.RE
.PP
\-T
......@@ -217,7 +215,8 @@ Verbose output\&. Equivalent to the
\fB\-d\fR
debug option\&. Verbose output can also be enabled by setting the
\fIdebug\fR
option in/etc/resolv\&.conf\&.
option in
/etc/resolv\&.conf\&.
.RE
.PP
\-V
......@@ -227,14 +226,14 @@ Print the version number and exit\&.
.PP
\-w
.RS 4
Wait forever: the query timeout is set to the maximum possible\&. See also the
Wait forever: The query timeout is set to the maximum possible\&. See also the
\fB\-W\fR
option\&.
.RE
.PP
\-W \fIwait\fR
.RS 4
Timeout: wait for up to
Timeout: Wait for up to
\fIwait\fR
seconds for a reply\&. If
\fIwait\fR
......
......@@ -68,14 +68,14 @@
<dt><span class="term">-a</span></dt>
<dd><p>
"All". The <code class="option">-a</code> option is normally equivalent
to <code class="option">-v</code> <code class="option">-t</code> <code class="literal">ANY</code>.
to <code class="option">-v -t <code class="literal">ANY</code></code>.
It also affects the behaviour of the <code class="option">-l</code>
list zone option.
</p></dd>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd><p>
Query class: This can be used to lookup Hesiod or Chaosnet
class resource records. The default class is IN
Query class: This can be used to lookup HS (Hesiod) or CH
(Chaosnet) class resource records. The default class is IN
(Internet).
</p></dd>
<dt><span class="term">-C</span></dt>
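Review bot: In the -a entry the new markup nests the literal inside the option element, <code class="option">-v -t <code class="literal">ANY</code></code>, and the regenerated man page now sets ANY in bold together with the flags (\fB\-v \-t \fR\fBANY\fR), so the distinction between option and value is lost. Keep the option and the literal as sibling elements separated by a space in the source; that fixes the missing spaces of the old \fB\-v\fR\fB\-t\fRANY output without changing how the value is typeset. The IXFR=12345678 example in the -t entry has the same nesting.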
......@@ -102,12 +102,12 @@
<dd>
<p>
List zone:
The <span class="command"><strong>host</strong></span> performs a zone transfer of
The <span class="command"><strong>host</strong></span> command performs a zone transfer of
zone <em class="parameter"><code>name</code></em> and prints out the NS,
PTR and address records (A/AAAA).
</p>
<p>
Together, the <code class="option">-l</code> <code class="option">-a</code>
Together, the <code class="option">-l -a</code>
options print all records in the zone.
</p>
</dd>
......@@ -126,10 +126,10 @@
<dt><span class="term">-r</span></dt>
<dd><p>
Non-recursive query:
Setting this option clears the <span class="type">RD</span> &#8212;
recursion desired &#8212; bit in the query. This should
mean that the name server receiving the query will not
attempt to resolve <em class="parameter"><code>name</code></em>.
Setting this option clears the RD (recursion desired) bit
in the query. This should mean that the name server
receiving the query will not attempt to
resolve <em class="parameter"><code>name</code></em>.
The <code class="option">-r</code> option
enables <span class="command"><strong>host</strong></span> to mimic the behavior of a
name server by making non-recursive queries and expecting
......@@ -155,7 +155,7 @@
<dd>
<p>
Query type:
the <em class="parameter"><code>type</code></em> argument can be any
The <em class="parameter"><code>type</code></em> argument can be any
recognized query type: CNAME, NS, SOA, TXT, DNSKEY, AXFR, etc.
</p>
<p>
......@@ -173,7 +173,7 @@
If a query type of IXFR is chosen the starting serial
number can be specified by appending an equal followed by
the starting serial number
(e.g. <code class="option">-t</code> <code class="literal">IXFR=12345678</code>).
(like <code class="option">-t <code class="literal">IXFR=12345678</code></code>).
</p>
</dd>
<dt><span class="term">-T</span></dt>
......@@ -199,7 +199,7 @@
Equivalent to the <code class="option">-d</code> debug option.
Verbose output can also be enabled by setting
the <em class="parameter"><code>debug</code></em> option
in<code class="filename">/etc/resolv.conf</code>.
in <code class="filename">/etc/resolv.conf</code>.
</p></dd>
<dt><span class="term">-V</span></dt>
<dd><p>
......@@ -207,13 +207,13 @@
</p></dd>
<dt><span class="term">-w</span></dt>
<dd><p>
Wait forever: the query timeout is set to the maximum possible.
Wait forever: The query timeout is set to the maximum possible.
See also the <code class="option">-W</code> option.
</p></dd>
<dt><span class="term">-W <em class="replaceable"><code>wait</code></em></span></dt>
<dd>
<p>
Timeout: wait for up to <em class="parameter"><code>wait</code></em>
Timeout: Wait for up to <em class="parameter"><code>wait</code></em>
seconds for a reply. If <em class="parameter"><code>wait</code></em> is
less than one, the wait interval is set to one second.
</p>
......
......@@ -264,6 +264,7 @@ options {
sortlist { \fIaddress_match_element\fR; \&.\&.\&. };
topology { \fIaddress_match_element\fR; \&.\&.\&. }; // not implemented
auth\-nxdomain \fIboolean\fR; // default changed
minimal\-any \fIboolean\fR;
minimal\-responses \fIboolean\fR;
recursion \fIboolean\fR;
rrset\-order {
......@@ -298,6 +299,16 @@ options {
check\-mx\-cname ( fail | warn | ignore );
check\-srv\-cname ( fail | warn | ignore );
cache\-file \fIquoted_string\fR; // test option
catalog\-zones {
zone \fIquoted_string\fR
[ default\-masters
[port \fIip_port\fR]
[dscp \fIip_dscp\fR]
{ ( \fImasters_list\fR | \fIip_addr\fR [port \fIip_port\fR] [key \fIkey\fR] ) ; [\&.\&.\&.] }]
[in\-memory \fIyes_or_no\fR]
[min\-update\-interval \fIinterval\fR]
; \&.\&.\&. };
;
suppress\-initial\-notify \fIboolean\fR; // not yet implemented
preferred\-glue \fIstring\fR;
dual\-stack\-servers [ port \fIinteger\fR ] {
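Review bot: The added catalog-zones grammar closes with "; \&.\&.\&. };" and is then followed by a line holding a lone ";", so the synopsis shows the statement terminated twice. Drop the extra ";" in the source grammar (the HTML rendering of named.conf carries the same pair), and consider a trailing comment marking the statement as experimental, in the way neighbouring entries use "// not implemented" and "// test option".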
......@@ -446,6 +457,7 @@ view \fIstring\fR \fIoptional_class\fR {
sortlist { \fIaddress_match_element\fR; \&.\&.\&. };
topology { \fIaddress_match_element\fR; \&.\&.\&. }; // not implemented
auth\-nxdomain \fIboolean\fR; // default changed
minimal\-any \fIboolean\fR;
minimal\-responses \fIboolean\fR;
recursion \fIboolean\fR;
rrset\-order {
......
......@@ -207,6 +207,7 @@ options
sortlist{<em class="replaceable"><code>address_match_element</code></em>;...};<br>
topology{<em class="replaceable"><code>address_match_element</code></em>;...};//notimplemented<br>
auth-nxdomain<em class="replaceable"><code>boolean</code></em>;//defaultchanged<br>
minimal-any<em class="replaceable"><code>boolean</code></em>;<br>
minimal-responses<em class="replaceable"><code>boolean</code></em>;<br>
recursion<em class="replaceable"><code>boolean</code></em>;<br>
rrset-order{<br>
......@@ -241,6 +242,16 @@ options
check-mx-cname(fail|warn|ignore);<br>
check-srv-cname(fail|warn|ignore);<br>
cache-file<em class="replaceable"><code>quoted_string</code></em>;//testoption<br>
catalog-zones{<br>
zone<em class="replaceable"><code>quoted_string</code></em><br>
[<span class="optional">default-masters<br>
[<span class="optional">port<em class="replaceable"><code>ip_port</code></em></span>]<br>
[<span class="optional">dscp<em class="replaceable"><code>ip_dscp</code></em></span>]<br>
{(<em class="replaceable"><code>masters_list</code></em>|<em class="replaceable"><code>ip_addr</code></em>[<span class="optional">port<em class="replaceable"><code>ip_port</code></em></span>][<span class="optional">key<em class="replaceable"><code>key</code></em></span>]);[<span class="optional">...</span>]}</span>]<br>
[<span class="optional">in-memory<em class="replaceable"><code>yes_or_no</code></em></span>]<br>
[<span class="optional">min-update-interval<em class="replaceable"><code>interval</code></em></span>]<br>
;...};<br>
;<br>
suppress-initial-notify<em class="replaceable"><code>boolean</code></em>;//notyetimplemented<br>
preferred-glue<em class="replaceable"><code>string</code></em>;<br>
dual-stack-servers[<span class="optional">port<em class="replaceable"><code>integer</code></em></span>]{<br>
......@@ -404,6 +415,7 @@ view
sortlist{<em class="replaceable"><code>address_match_element</code></em>;...};<br>
topology{<em class="replaceable"><code>address_match_element</code></em>;...};//notimplemented<br>
auth-nxdomain<em class="replaceable"><code>boolean</code></em>;//defaultchanged<br>
minimal-any<em class="replaceable"><code>boolean</code></em>;<br>
minimal-responses<em class="replaceable"><code>boolean</code></em>;<br>
recursion<em class="replaceable"><code>boolean</code></em>;<br>
rrset-order{<br>
......
......@@ -107,10 +107,16 @@
<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.14.5">Configuring DynDB</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.14.6">Sample DynDB Module</a></span></dt>
</dl></dd>
<dt><span class="section"><a href="Bv9ARM.ch04.html#catz-info">Catalog Zones</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.15.4">Principle of Operation</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.15.5">Configuring Catalog Zones</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.15.6">Catalog Zone format</a></span></dt>
</dl></dd>
<dt><span class="section"><a href="Bv9ARM.ch04.html#ipv6">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.15.6">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.15.7">Address to Name Lookups Using Nibble Format</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.16.6">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.16.7">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl>
</div>
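Review bot: The three new Catalog Zones subsections get auto-generated anchors (id-1.5.15.4 to id-1.5.15.6), and inserting them shifts the IPv6 subsections from id-1.5.15.6/7 to id-1.5.16.6/7, so an existing link to Bv9ARM.ch04.html#id-1.5.15.6 now lands on "Catalog Zone format" instead of "Address Lookups Using AAAA Records". Give these subsections explicit ids in the source, as is already done for catz-info and ipv6, so that anchors stay stable across regenerations.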
......@@ -2328,6 +2334,222 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="catz-info"></a>Catalog Zones</h2></div></div></div>
<p>
A "catalog zone" is a special DNS zone that contains a list of
other zones to be served, along with their configuration parameters.
Zones listed in a catalog zone are called "member zones".
When a catalog zone is loaded or transferred to a slave server
which supports this functionality, the slave server will create
the member zones automatically. When the catalog zone is updated
is updated (for example, to add or delete member zones, or change
their configuration aprameters) those changes are immediately put
into effect. Because the catalog zone is a normal DNS zone, these
configuration changes can be propagated using the standard AXFR/IXFR
zone transfer mechanism.
</p>
<p>
Catalog zones' format and behavior are specified as an internet draft
for interoperability among DNS implementations. As of this release, the
latest revision of the DNS catalog zones draft can be found here:
https://datatracker.ietf.org/doc/draft-muks-dnsop-dns-catalog-zones/
</p>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.5.15.4"></a>Principle of Operation</h3></div></div></div>
<p>
Normally, if a zone is to be served by a slave server, the
<code class="filename">named.conf</code> file on the server must list the
zone, or the zone must be added using <span class="command"><strong>rndc addzone</strong></span>.
In environments with a large number of slave servers and/or where
the zones being served are changing frequently, the overhead involved
in maintaining consistent zone configuration on all the slave
servers can be significant.
</p>
<p>
A catalog zone is a way to ease this administrative burden. It is a
DNS zone that lists member zones that should be served by slave servers.
When a slave server receives an update to the catalog zone, it adds,
removes, or reconfigures member zones based on the data received.
</p>
<p>
To use a catalog zone, it must first be set up as a normal zone on
the master and the on slave servers that will be configured to use
it. It must also be added to a <code class="option">catalog-zones</code> list
in the <code class="option">options</code> or <code class="option">view</code> statement
in <code class="filename">named.conf</code>. (This is comparable to the way
a policy zone is configured as a normal zone and also listed in
a <code class="option">response-policy</code> statement.)
</p>
<p>
To use the catalog zone feature to serve a new member zone:
</p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
Set up the the member zone to be served on the master as normal.
This could be done by editing <code class="filename">named.conf</code>,
or by running <span class="command"><strong>rndc addzone</strong></span>.
</p></li>
<li class="listitem"><p>
Add an entry to the catalog zone for the new member zone.
This could be done by editing the catalog zone's master file
and running <span class="command"><strong>rndc reload</strong></span>, or by updating
the zone using <span class="command"><strong>nsupdate</strong></span>.
</p></li>
</ul></div>
<p>
The change to the catalog zone will be propagated from the master to all
slaves using the normal AXFR/IXFR mechanism. When the slave receives the
update to the catalog zone, it will detect the entry for the new member
zone, create an instance of of that zone on the slave server, and point
that instance to the <code class="option">masters</code> specified in the catalog
zone data. The newly created member zone is a normal slave zone, so
BIND will immediately initiate a transfer of zone contents from the
master. Once complete, the slave will start serving the member zone.
</p>
<p>
Removing a member zone from a slave server requires nothing more than
deleting the member zone's entry in the catalog zone. The change to the
catalog cone is propagated to the slave server using the normal AXFR/IXFR
transfer mechanism. The slave server, on processing the update, will
notice that the member zone has been removed. It will stop serving the
zone and remove it froms its list of configured zones. (Removing the
member zone from the master server has to be done in the normal way,
by editing the configuration file or running
<span class="command"><strong>rndc delzone</strong></span>.)
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.5.15.5"></a>Configuring Catalog Zones</h3></div></div></div>
<p>
Catalog zones are configured with a <span class="command"><strong>catalog-zones</strong></span>
statement in the <code class="literal">options</code> or <code class="literal">view</code>
section of <code class="filename">named.conf</code>. For example,
</p>
<pre class="screen">
catalog-zones {
zone "catalog.example" default-masters { 10.53.0.1; } in-memory true min-update-interval 10;
};
</pre>
<p>
This statement specifies that the zone
<code class="literal">catalog.example</code> is a catalog zone. This zone must be
properly configured in the same view. In most configurations, it would
be a slave zone.
</p>
<p>
The <code class="option">default-masters</code> option defines the default masters
for member zones listed in a catalog zone. This can be overriden by
options within a catalog zone. If no such options are included, then
member zones will transfer their contents from the servers listed in
this option.
</p>
<p>
The <code class="option">in-memory</code> option, if set to <code class="literal">yes</code>,
causes member zones to be stored only in memory. This is functionally
equivalent to configuring a slave zone without a <code class="option">file</code>.
option. The default is <code class="literal">no</code>; member zones' content
will be stored locally in a file whose name is automatically generated
from the view name, catalog zone name, and member zone name.
</p>
<p>
The <code class="option">min-update-interval</code> option sets the minimum
interval between processing of updates to catalog zones, in seconds.
If an update to a catalog zone (for example, via IXFR) happens less
than <code class="option">min-update-interval</code> seconds after the most
recent update, then the changes will not be carried out until this
interval has elapsed. The default is <code class="literal">5</code> seconds.
</p>
<p>
Catalog zones are defined on a per-view basis. Configuring a non-empty
<code class="option">catalog-zones</code> statement in a view will automatically
turn on <code class="option">allow-new-zones</code> for that view. (Note: this
means <span class="command"><strong>rndc addzone</strong></span> and <span class="command"><strong>rndc delzone</strong></span>
will also work in any view that supports catalog zones.)
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.5.15.6"></a>Catalog Zone format</h3></div></div></div>
<p>
A catalog zone is a regular DNS zone; therefore, it has to have a
single <code class="literal">SOA</code> and at least one <code class="literal">NS</code>
record.
</p>
<p>
A record stating the version of the catalog zone format is
also required. If the version number listed is not supported by
the server, then a catalog zone may not be used by that server.
</p>
<pre class="screen">
catalog.example. IN SOA . . 2016022901 900 600 86400 1
catalog.example. IN NS nsexample.
version.catalog.example. IN TXT "1"
</pre>
<p>
Note that this record must have the domain name
version.<em class="replaceable"><code>catalog-zone-name</code></em>. This illustrates
how the meaning of data stored in a catalog zone is indicated by the
the domain name label immediately before the catalog zone domain.
</p>
<p>
Catalog zones can contain a set of global options that are applied to
all member zones, overriding the settings for the catalog zone
in the configuration file. Currently only the "masters" option
is supported:
</p>
<pre class="screen">
masters.catalog.example IN A 192.0.2.1
masters.catalog.example IN AAAA 2001:db8::1
</pre>
<p>
(Note that if more than one server is defined, the order in which
they are used is undefined. The above example could correspond to
a zone configured with
<code class="option">masters { 192.0.2.1; 2001:db8::1; };</code>
or with
<code class="option">masters { 2001:db8::1; 192.0.2.1; };</code>.
There is currently no way to force a particular ordering.)
</p>
<p>
A member zone is added by including a <code class="literal">PTR</code>
resource record in the <code class="literal">zones</code> sub-domain of the
catalog zone. The record label is a <code class="literal">SHA-1</code> hash
of the member zone name in wire format. The target of the PTR
record is the member zone name. For example, to add the member
zone <code class="literal">domain.example</code>:
</p>
<pre class="screen">
5960775ba382e7a4e09263fc06e7c00569b6a05c.zones.catalog.example IN PTR domain.example.
</pre>
<p>
The hash is necessary to identify options for a specific member
zone. The member zone-specific options are defined the same way as
global options, but in the member zone subdomain:
</p>
<pre class="screen">
masters.5960775ba382e7a4e09263fc06e7c00569b6a05c.zones.catalog.example IN A 192.0.2.2
masters.5960775ba382e7a4e09263fc06e7c00569b6a05c.zones.catalog.example IN AAAA 2001:db8::2
</pre>
<p>
As would be expected, options defined for a specific zone override
the global options defined in the catalog zone. These in turn override
the global options defined in the <code class="literal">catalog-zones</code>
statement in the configuration file.
</p>
<p>
(Note that none of the global records an option will be inherited if
any records are defined for that option for the specific zone. For
example, if the zone had a <code class="literal">masters</code> record of type
A but not AAAA, then it would <span class="emphasis"><em>not</em></span> inherit the
type AAAA record from the global option.)
</p>
</div>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="ipv6"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 fully supports all currently
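Review bot: The new Catalog Zones text has several wording errors that should be fixed in the DocBook source before the next regen: "is updated is updated" and "aprameters" in the opening paragraph, "catalog cone" and "froms" in the removal paragraph, plus "the on slave servers", "the the member zone", "of of that zone", "overriden", "the the domain name label" and "none of the global records an option" (missing "for"). The in-memory paragraph has a stray period after the file option, and it documents the values as yes and no while the example statement uses "in-memory true"; use one form in both places. The side effect that a non-empty catalog-zones statement turns on allow-new-zones for the view changes what rndc addzone and rndc delzone can do there, so it deserves its own paragraph rather than a parenthetical note.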
......@@ -2366,7 +2588,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</p>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.5.15.6"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<a name="id-1.5.16.6"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<p>
The IPv6 AAAA record is a parallel to the IPv4 A record,
and, unlike the deprecated A6 record, specifies the entire
......@@ -2385,7 +2607,7 @@ host 3600 IN AAAA 2001:db8::1
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.5.15.7"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<a name="id-1.5.16.7"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<p>
When looking up an address in nibble format, the address
components are simply reversed, just as in IPv4, and
......
......@@ -2317,6 +2317,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
[<span class="optional"> has-old-clients <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> host-statistics <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> host-statistics-max <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> minimal-any <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> minimal-responses <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> multiple-cnames <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> notify <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>explicit</code></em> | <em class="replaceable"><code>master-only</code></em>; </span>]
......@@ -2552,6 +2553,16 @@ badresp:1,adberr:0,findfail:0,valfail:0]
[<span class="optional"> qname-wait-recurse <em class="replaceable"><code>yes_or_no</code></em> </span>]
[<span class="optional"> automatic-interface-scan <em class="replaceable"><code>yes_or_no</code></em> </span>]
; </span>]
[<span class="optional"> catalog-zones {
zone <em class="replaceable"><code>quoted_string</code></em>
[<span class="optional"> default-masters
[<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>]
[<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>]
{ ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] }</span>]
[<span class="optional">in-memory <em class="replaceable"><code>yes_or_no</code></em></span>]
[<span class="optional">min-update-interval <em class="replaceable"><code>interval</code></em></span>]
; [<span class="optional">...</span>] };
; </span>]
[<span class="optional">v6-bias <em class="replaceable"><code>number</code></em> ; </span>]
};
</pre>
......@@ -3810,6 +3821,25 @@ options {
performance of the server.
The default is <strong class="userinput"><code>no</code></strong>.
</p></dd>
<dt><span class="term"><span class="command"><strong>minimal-any</strong></span></span></dt>
<dd><p>
If set to <strong class="userinput"><code>yes</code></strong>, then when
generating a positive response to a query of type
ANY over UDP, the server will reply with only one
of the RRsets for the query name, and its covering
RRSIGs if any, instead of replying with all known
RRsets for the name. Similarly, a query for type
RRSIG will be answered with the RRSIG records covering
only one type. This can reduce the impact of some kinds
of attack traffic, without harming legitimate
clients. (Note, however, that the RRset returned is the
first one found in the database; it is not necessarily
the smallest available RRset.)
Additionally, <code class="option">minimal-responses</code> is
turned on for these queries, so no unnecessary records
will be added to the authority or additional sections.
The default is <strong class="userinput"><code>no</code></strong>.
</p></dd>
<dt><span class="term"><span class="command"><strong>multiple-cnames</strong></span></span></dt>
<dd><p>
This option was used in <acronym class="acronym">BIND</acronym> 8 to allow
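Review bot: "This can reduce the impact of some kinds of attack traffic, without harming legitimate clients" in the minimal-any description is too vague for an option reference: it does not say which traffic is meant, and the following note admits the RRset returned is simply the first one found, so a client that sends ANY over UDP expecting every RRset gets an incomplete answer. Describe the effect in the terms the entry already uses (a positive response to an ANY or RRSIG query over UDP carries a single RRset) and state explicitly whether queries over TCP still receive all RRsets.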
......
......@@ -94,6 +94,35 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
A new method of provisioning secondary servers called
"Catalog Zones" has been added. This is an implementation of
<a class="link" href="https://datatracker.ietf.org/doc/draft-muks-dnsop-dns-catalog-zones/" target="_top">
draft-muks-dnsop-dns-catalog-zones/
</a>.
</p>
<p>
A catalog zone is a regular DNS zone which contains a list
of "member zones", along with the configuration options for
each of those zones. When a server is configured to use a
catalog zone, all the zones listed in the catalog zone are
added to the local server as slave zones. When the catalog
zone is updated (e.g., by adding or removing zones, or
changing configuration options for existing zones) those
changes will be put into effect. Since the catalog zone is
itself a DNS zone, this means configuration changes can be
propagated to slaves using the standard AXFR/IXFR update
mechanism.
</p>
<p>
This feature should be considered experimental. It currently
supports only basic features; more advanced features such as
ACLs and TSIG keys are not yet supported. Example catalog
zone configurations can be found in the Chapter 9 of the
BIND Administrator Reference Manual.
</p>
</li>
<li class="listitem"><p>
Added rndc python module.
</p></li>
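Review bot: The last paragraph of the Catalog Zones entry sends readers to "the Chapter 9 of the BIND Administrator Reference Manual", but the section added in this commit is linked as Bv9ARM.ch04.html#catz-info; correct the chapter reference and drop the extra "the". The statement that TSIG keys are not yet supported also sits awkwardly beside the documented default-masters grammar, which accepts a key argument, so the note should say whether a configured key is ignored or rejected.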
......@@ -448,6 +477,14 @@
and if so, it will regenerate the RRSIG immediately. This helps
when a system's clock needs to be reset backwards.
</p></li>
<li class="listitem"><p>
The new <span class="command"><strong>minimal-any</strong></span> option reduces the size
of answers to UDP queries for type ANY by implementing one of
the strategies in "draft-ietf-dnsop-refuse-any": returning
a single arbitrarily-selected RRset that matches the query
name rather than returning all of the matching RRsets.
Thanks to Tony Finch for the contribution. [RT #41615]
</p></li>
</ul></div>
</div>
<div class="section">
......@@ -637,13 +674,21 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
Fixed a crash when calling <span class="command"><strong>rndc stats</strong></span> on some
Windows builds: some Visual Studio compilers generate code that
crashes when the "%z" printf() format specifier is used. [RT #42380]
</p></li>
<li class="listitem"><p>
Windows installs were failing due to triggering UAC without
the installation binary being signed.
</p></li>
<li class="listitem"><p>
A race condition in rbt/rbtdb was leading to INSISTs being
triggered.
A change in the internal binary representation of the RBT database
node structure enabled a race condition to occur (especially when
BIND was built with certain compilers or optimizer settings),
leading to inconsistent database state which caused random
assertion failures. [RT #42380]
</p></li>
</ul></div>
</div>
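Review bot: Both the new rndc stats "%z" crash entry and the rewritten RBT race-condition entry cite [RT #42380]. Two differently described fixes sharing one ticket number looks like a copy-and-paste slip; confirm the ticket for each and correct the reference in the release-notes source rather than in the generated HTML.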
......
......@@ -151,10 +151,16 @@
<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.14.5">Configuring DynDB</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.14.6">Sample DynDB Module</a></span></dt>
</dl></dd>